(57) ABSTRACT

A system determines whether to grant a user access to a network server. Prior to granting access to the network server, the network server authenticates the user by sending an authentication request to an authentication server. The authentication server determines whether the user was already authenticated by the authentication server. If the user is authenticated by the authentication server, then the network server is notified that the user is authenticated through the use of an authentication ticket, and the network server grants the user access. If the user is not authenticated by the authentication server, then login information is retrieved from the user and compared to authentication information maintained by the authentication server. If the retrieved login information matches the authentication information, then the network server is notified that the user is authenticated by using the authentication ticket.

36 Claims, 6 Drawing Sheets 
CONTROLLING ACCESS TO A NETWORK SERVER USING AN AUTHENTICATION TICKET



TECHNICAL FIELD 

This invention relates to network access systems. More 
particularly, the invention relates to the control of access to 
a network by a user through an authentication server that 
generates an authentication ticket indicating whether the 
user has been authenticated. 

BACKGROUND OF THE INVENTION 

The recent growth in popularity of the Internet has significantly increased the number of Internet users and the number of Internet sites (also referred to as "web sites"). Web sites may provide various types of information to users, offer products or services for sale, and provide games and other forms of entertainment. Many web sites require users to "register" by providing information about themselves before the web server grants access to the site. This registration information may include the user's name, account number, address, telephone number, email address, computer platform, age, gender, or hobbies. The registration information collected by the web site may be necessary to complete transactions (such as commercial or financial transactions). Additionally, information can be collected which allows the web site operator to learn about the visitors to the site to better target its future marketing activities or adjust the information provided on the web site. The collected information may also be used to allow the web site to contact the user directly (e.g., via email) in the future to announce, for example, special promotions, new products, or new features of the web site.

When registering with a web site for the first time, the web site typically requests that the user select a login ID and an associated password. The login ID allows the web site to identify the user and retrieve the user's information during subsequent user visits to the web site. Generally, the login ID must be unique to the web site such that no two users have the same login ID. The password associated with the login ID allows the web site to authenticate the user during subsequent visits to the web site. The password also prevents others (who do not know the password) from accessing the web site using the user's login ID. This password protection is particularly important if the web site stores private or confidential information about the user, such as financial information or medical records.

If a user visits several different web sites, each web site 
may require entry of similar registration information about 
the user, such as the user's name, mailing address, and email 
address. This repeated entry of identical data is tedious when 
visiting multiple web sites in a short period of time. Many 
web sites require the user to register before accessing any 
information provided on the web site. Thus, the user must 
enter the requested registration information before they can 
determine whether the site contains any information of 
interest. 

After registering with multiple web sites, the user must 
remember the specific login ID and password used with each 
web site or other Internet service. Without the correct login 
ID and password, the user must re-enter the registration 
information. A particular user is likely to have different login 
IDs and associated passwords on different web sites. For 
example, a user named Bob Smith may select "smith" as his 
login ID for a particular site. If the site already has a user 
with a login ID of "smith" or requires a login ID of at least six characters, then the user must select a different login ID. After registering at numerous web sites, Bob Smith may have a collection of different login IDs, such as: smith, smith1, bsmith, smithb, bobsmith, bob_smith, and smithbob. Further, different passwords may be associated with different login IDs due to differing password requirements of the different web sites (e.g., password length requirements or a requirement that each password include at least one numeric character). Thus, Bob Smith must maintain a list of web sites, login IDs, and associated passwords for all sites that he visits regularly.

SUMMARY OF THE INVENTION 

The invention provides a mechanism for controlling access to a network server (such as a web server) through the use of an authentication ticket. A web user can maintain a single login ID (and associated password) that provides access to multiple web servers or services. Once the user has logged into an authentication server, it is not necessary to re-enter the login ID or user information when accessing other affiliated web servers. The single login ID has an associated user profile that contains the registration information typically requested by web servers during a user registration process. The authentication server authenticates each login ID using the associated password and generates an authentication ticket indicating whether the user is authenticated (i.e., whether the user should be granted access to the web server). The individual web servers are not required to authenticate the individual users. Further, to protect the user's password, the individual web servers do not receive the user's password. Instead, the individual web servers receive an authentication ticket indicating whether the user was authenticated by the authentication server and how long since the user was last authenticated. The authentication ticket includes two time stamps: one indicating the last time the user's login ID and password were physically typed by the user and a second time stamp indicating the last time the user's login information was refreshed by the authentication server. This "refresh" of the user's login information may be performed silently or by having the user type the login information.

An implementation of the invention receives a request from a network server to authenticate a user who is seeking access to the network server. The process determines whether the user was already authenticated by the authentication server. If the user was already authenticated, then the network server is notified that the user is authenticated through the use of an authentication ticket. If the user was not already authenticated by the authentication server, then login information is retrieved from the user and compared to authentication information maintained by the authentication server. The network server is notified (through the use of an authentication ticket) that the user is authenticated if the retrieved login information matches the authentication information.

Other aspects of the invention provide for an authentication ticket that does not contain any reference to the user's login information.

In accordance with another aspect of the invention, the authentication ticket includes a first time stamp indicating the last time the user's login information was refreshed, and a second time stamp indicating the last time the user physically entered their login information.

In one embodiment of the invention, the network server is a web server coupled to the Internet.
BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an exemplary network environment in which the present invention is utilized.

FIG. 2 is a block diagram showing pertinent components of a computer in accordance with the invention.

FIGS. 3 and 4 illustrate the interaction between the client computer system, a particular affiliate server and the authentication server when a user of the client computer system seeks access to the affiliate server.

FIGS. 5 and 6 illustrate the interaction between the client computer system, a particular affiliate server and the authentication server in a different situation.

DETAILED DESCRIPTION 

FIG. 1 illustrates an exemplary network environment in which the present invention is utilized. A client computer system 100 is coupled to a network 102. In this example, network 102 is the Internet (or the World-Wide Web). However, the teachings of the present invention can be applied to any data communication network. Multiple affiliate servers 104, 106, and 108 are coupled to network 102, thereby allowing client computer system 100 to access web servers 104, 106, and 108 via the network. Affiliate servers 104, 106, and 108 are also referred to as "web servers" and "network servers". An authentication server 110 is also coupled to network 102, allowing communication between the authentication server and client computer system 100 and web servers 104, 106, and 108. Although referred to as an "authentication server", authentication server 110 is also a web server capable of interacting with web browsers and other web servers. In this example, data is communicated between the authentication server, client computer system, and web servers using the hypertext transfer protocol (http), a protocol commonly used on the Internet to exchange information.

An authentication database 112 is coupled to authentication server 110. The authentication database 112 contains information necessary to authenticate users and also identifies which elements of the user profile information should be provided to a particular affiliate server when the user accesses the affiliate server. Although the authentication database 112 is shown separately from the authentication server 110, in other embodiments of the invention, the authentication database is contained within the authentication server.

The authentication process, as described below, authenticates a user of client computer 100 seeking access to an affiliate server 104, 106, or 108. The authentication server 110 authenticates the user of client computer 100 by requesting authenticating information, such as the user's login ID and password. If the user is successfully authenticated, then authentication server 110 generates an authentication ticket and communicates the ticket to the appropriate affiliate server. The authentication ticket indicates that the user is authenticated. Additional details regarding the authentication ticket are provided below.

As part of the user authentication process, the authentication server 110 may provide certain user profile information to the affiliate server, such as the user's email address, user preferences, and the type of Internet browser installed on client computer 100. This user profile information is associated with the user's login ID so that each time the user logs into an affiliate server, the associated user profile information is available to provide to the affiliate server. This user profile allows the user to enter the information once and use that information during subsequent logins to new affiliate servers.

The term "affiliate server" is defined herein as a web server that has "registered" or otherwise established a relationship or affiliation with the authentication server 110. Each affiliate server 104, 106, and 108 includes a code sequence (not shown) that allows the affiliate server to communicate with the authentication server 110 when a user (who is also registered with the authentication server) requests access to the affiliate server. Additional details regarding the authentication process and the interaction between the client computer, the affiliate servers, and the authentication server are provided below.

FIG. 2 shows a general example of a computer 130 that 
can be used with the present invention. A computer such as 
that shown in FIG. 2 can be used for client computer system 
100, authentication server 110, or any of the affiliate servers 
104, 106 or 108. 

Computer 130 includes one or more processors or processing units 132, a system memory 134, and a bus 136 that couples various system components including the system memory 134 to processors 132. The bus 136 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. The system memory 134 includes read only memory (ROM) 138 and random access memory (RAM) 140. A basic input/output system (BIOS) 142, containing the basic routines that help to transfer information between elements within computer 130, such as during start-up, is stored in ROM 138.

Computer 130 further includes a hard disk drive 144 for reading from and writing to a hard disk (not shown), a magnetic disk drive 146 for reading from and writing to a removable magnetic disk 148, and an optical disk drive 150 for reading from or writing to a removable optical disk 152 such as a CD ROM or other optical media. The hard disk drive 144, magnetic disk drive 146, and optical disk drive 150 are connected to the bus 136 by an SCSI interface 154 or some other appropriate interface. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for computer 130. Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 148 and a removable optical disk 152, it should be appreciated by those skilled in the art that other types of computer-readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, random access memories (RAMs), read only memories (ROMs), and the like, may also be used in the exemplary operating environment.

A number of program modules may be stored on the hard disk 144, magnetic disk 148, optical disk 152, ROM 138, or RAM 140, including an operating system 158, one or more application programs 160, other program modules 162, and program data 164. A user may enter commands and information into computer 130 through input devices such as a keyboard 166 and a pointing device 168. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are connected to the processing unit 132 through an interface 170 that is coupled to the bus 136. A monitor 172 or other type of display device is also connected to the bus 136 via an interface, such as a video adapter 174. In addition to the monitor, personal computers typically include other peripheral output devices (not shown) such as speakers and printers.
Computer 130 commonly operates in a networked environment using logical connections to one or more remote computers, such as a remote computer 176. The remote computer 176 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to computer 130, although only a memory storage device 178 has been illustrated in FIG. 2. The logical connections depicted in FIG. 2 include a local area network (LAN) 180 and a wide area network (WAN) 182. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.

When used in a LAN networking environment, computer 130 is connected to the local network 180 through a network interface or adapter 184. When used in a WAN networking environment, computer 130 typically includes a modem 186 or other means for establishing communications over the wide area network 182, such as the Internet. The modem 186, which may be internal or external, is connected to the bus 136 via a serial port interface 156. In a networked environment, program modules depicted relative to the personal computer 130, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

Generally, the data processors of computer 130 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer. Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. The invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the steps described below in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described below.

For purposes of illustration, programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer, and are executed by the data processor(s) of the computer.

Prior to executing the authentication process described below, both the user of client computer system 100 and the operator of affiliate server 104 "register" with the authentication server 110. This registration is a one-time process which provides necessary information to the authentication server. The user of client computer system 100 registers by providing the user's name, mailing address, email address, and various other information about the user or the client computer system. As part of the user registration process, the user is assigned (or selects) a login ID, which is a common login ID used to access any affiliate server. The login ID may also be referred to herein as a "user name" or "login name". Additionally, the user selects a password associated with the login ID which is used for authentication purposes. After registering and logging into the authentication server, the user can visit any affiliate server (i.e., affiliate servers that are also registered with the same authentication server) without requiring any additional authentication and without re-entering user information that is already contained in the associated user profile.

The operator of affiliate server 104 registers with the authentication server 110 by providing information about the affiliate server (e.g., server name and internet address). Additionally, the affiliate server provides information regarding its authentication requirements. The authentication requirements can be specified as the maximum time allowed since the last login and entry of authentication information by the user as well as the maximum time allowed since the last "refresh" of the authentication information by the user. Refreshing the authentication information refers to the process of having the user re-enter the password to be certain that the appropriate user is still operating the client computer system. This periodic refreshing of authentication information is useful if the user leaves their computer system without logging out of the authentication server, thereby allowing another individual to access affiliate servers in the name of the previous user. If a user requests access to the affiliate server after the maximum time allowed, the user is re-authenticated (i.e., refreshed) by the authentication server by issuing a new authentication ticket. Thus, although there is a central authentication server, each individual affiliate server can establish its own authentication requirements which are enforced by the authentication server. After registering with the authentication server, the affiliate server can use the authentication server to authenticate any user that has also registered with the authentication server.

FIGS. 3 and 4 illustrate the interaction between the client computer system 100, the affiliate server 104, and the authentication server 110 when a user of the client computer system seeks access to the affiliate server. The example illustrated with respect to FIGS. 3 and 4 describes the situation in which the user of the client computer system 100 has not yet logged into the affiliate server 104 and has not yet been authenticated by the authentication server 110. The lines in FIG. 3 labeled "A" through "H" represent the flow of information or activities during the authentication process. The arrows on the lines indicate the direction of the process flow. The label "A" represents the beginning of the process and the label "H" represents the end of the process. The corresponding steps in FIG. 4 are indicated with the label in parentheses.

FIG. 4 is a flow diagram illustrating the authentication process when a user of the client computer system 100 seeks access to the affiliate server 104. The process begins when the user of the client computer system accesses a web page on the affiliate server (step 200). The client computer system includes a web browser, such as the "Internet Explorer" web browser manufactured and distributed by Microsoft Corporation of Redmond, Wash., for accessing various web sites. The affiliate server determines whether the user seeking access to the server is already logged into the affiliate server (e.g., authenticated) at step 202. In this example, the user is not logged into the affiliate server, so the user must be authenticated before the affiliate server will allow access. To authenticate the user, the affiliate server redirects the user's browser to the authentication server.

In this example, the user has not yet logged into the authentication server. Thus, the authentication server generates a sign-in web page and communicates the web page to the client computer system for display on the user's browser (step 204). The sign-in web page requests the user's login ID and password, which were established when the user registered with the authentication server. The user fills in the requested information on the sign-in web page and clicks a "sign-in" button on the web page to send the information entered to the authentication server (step 206).
Upon receiving the information from the user of the client computer system, the authentication server compares the entered information with the information stored in the authentication database (step 208). If the user-entered information is not correct (i.e., does not match the information stored in the authentication database) then the authentication server generates and communicates a web page to the user indicating the login ID and password combination were not valid (step 210). The web page may give the user an opportunity to re-enter the login ID and password by returning to step 204. Confidential information (such as the login ID and password) is communicated using a secure protocol such as SSL (secure sockets layer). Various other secure protocols or encryption mechanisms can be used to communicate confidential information between the authentication server and the client computer system.

If the user-entered information is correct (i.e., matches the information stored in the authentication database) then the authentication server copies the appropriate cookies to the client computer system and redirects the user's browser to the affiliate server (step 212). A "cookie" is a piece of data provided to a web browser by a web server. The data (i.e., cookie) is sent back to the web server by the web browser during subsequent accesses to the web server. With respect to step 212, one cookie contains information regarding the date and time that the user was authenticated by the authentication server. Another cookie contains information regarding the user profile. The authentication server also updates (or creates) a cookie that contains a list of all sites (or web servers) visited by the user since the last logout from the authentication server. The cookie is updated by adding the current affiliate server to the list of sites visited. This list of sites visited is used to remove cookies from the client computer system when the user logs out of the authentication server. For example, when the user logs out, the authentication server sends a message to each web server on the list of sites visited. Each message is a request for the web server to delete any cookies it placed on the client computer system (e.g., through a browser running on the client computer system).

Cookies written to the client computer system by the authentication server cannot be read by any affiliate server. Similarly, cookies written to the client computer system by a particular affiliate server cannot be read by any other affiliate server. The cookies written by an affiliate server are encrypted using a key that is unique to the affiliate server, thereby preventing other affiliate servers from reading the data stored in the cookies.

Step 212 also includes generating an authentication ticket and transmitting the ticket to the affiliate server. The authentication ticket is generated by the authentication server and indicates whether a particular user has been authenticated by the authentication server. To protect the user's password and other login information, the affiliate server receives the authentication ticket instead of the user's password and other login information. The authentication ticket indicates that the user is authenticated and how much time has elapsed since the user was last authenticated.

The authentication server also communicates the user profile information to the affiliate server (step 214) through the client computer system. In a particular embodiment of the invention, the user of the client computer system can specify during the registration process what types of profile information should be provided to various types of web servers. For example, a user may specify that all commerce-related web servers should receive the user's mailing address, but restrict the mailing address from all other types of web sites.

After receiving the authentication ticket and the user's profile information, the affiliate server generates a personalized web page for the user and communicates the web page to the user's browser (step 216). Additionally, the affiliate server copies one or more cookies to the client computer system which include information indicating that the user of the client computer system has been authenticated and indicating the period of time during which the authentication is valid. Each time the user enters a new web page request on the same affiliate server, the data in the cookie is copied to the affiliate server along with the page request. Thus, the affiliate server will not repeatedly check the authentication of a user during each subsequent page request. However, if a particular period of time has passed (referred to as a timeout period) since the last authentication process by the authentication server, then the affiliate server may request a re-authorization of the user.

The authentication ticket discussed above contains two time stamps. The first time stamp indicates the last time that the user's login ID and password were physically typed by the user. The second time stamp indicates the last time that the user's login information was refreshed by the authentication server. This "refresh" of the user's login information can be performed "silently" or by manual entry of the login information (i.e., login ID and password) by the user. The refreshing of the user's login information is performed by the authentication server. Once completed, a new authentication ticket is issued to the affiliate server indicating the new time stamp values. If the refresh operation fails (i.e., the user does not supply the correct login information), then the user is logged out of the authentication server and all affiliate servers.

Each affiliate server can specify the minimum time requirements for each time stamp in the authentication ticket. If either time stamp exceeds the minimum time requirement for the affiliate server, then the authentication server is contacted to re-authenticate (or refresh) the user login information and update the time stamps accordingly. Each authentication ticket is encrypted using the affiliate server's shared encryption key, thereby preventing other affiliate servers from viewing the authentication ticket.

If the user of the client computer system is new to the affiliate server, the affiliate server may request additional user information that is not already contained in the user profile. The additional information may include information unique to that site (e.g., account number) or information about the user's preferences and how the user intends to use the web site. Thus, although the user generates a user profile that is stored on the authentication server, the user may be required, during an initial visit to a web site, to provide additional information for the benefit of the associated web server. This additional information is then stored by the affiliate server such that the user will not be required to re-enter the data during subsequent visits to the same web site.

Although affiliate server 104 and authentication server 110 are both coupled to network 102 (see FIG. 1), no direct connections are shown in FIG. 3. In this embodiment of the invention, the affiliate server 104 and the authentication server 110 do not communicate directly with one another. Instead, communications between the affiliate server and the authentication server pass through the client computer system. However, in an alternate embodiment of the invention, affiliate server 104 communicates directly with authentication server 110, using network 102 or another data communication medium. Thus, rather than communicating through client computer system 100, the communications flow
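The two-time-stamp ticket, the per-affiliate maximum ages registered with the authentication server, and the per-affiliate shared key described above, as an added example; it is not part of the patent and not the patent holder's code. It assumes a JSON ticket body and, because the Python standard library has no authenticated cipher, seals the ticket with an HMAC-SHA256 counter keystream plus a separate HMAC tag as a stand-in for the AES-GCM or similar cipher a real deployment would use. In keeping with the text, the ticket carries no login ID or password; an opaque session identifier (an assumption) lets the affiliate tie the ticket to the profile it receives separately. Affiliate names, keys, policies, and time values are constructed.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed sample data: each affiliate registers a shared key with the
# authentication server, plus its own maximum ages (seconds) for the two
# time stamps: since the password was last typed, and since the last refresh.
AFFILIATE_KEYS = {
    "books.example": b"books-shared-key-constructed-0001",
    "music.example": b"music-shared-key-constructed-0002",
}
AFFILIATE_POLICY = {
    "books.example": {"max_since_manual": 3600, "max_since_refresh": 600},
    "music.example": {"max_since_manual": 86400, "max_since_refresh": 7200},
}


def _subkeys(shared_key: bytes):
    """Derive independent encryption and MAC keys from the affiliate's shared key."""
    enc = hmac.new(shared_key, b"ticket-enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"ticket-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode, stdlib only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def issue_ticket(affiliate: str, session_id: str, last_manual: int, last_refresh: int) -> str:
    """Authentication server side: seal a ticket that only `affiliate` can open."""
    enc_key, mac_key = _subkeys(AFFILIATE_KEYS[affiliate])
    body = json.dumps({
        "aud": affiliate,            # which affiliate the ticket is sealed for
        "session": session_id,       # opaque reference, not the login ID (assumption)
        "ts_manual": last_manual,    # last time login ID + password were typed
        "ts_refresh": last_refresh,  # last time the auth server refreshed the login
    }).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ciphertext + tag).decode()


def open_ticket(affiliate: str, token: str) -> dict:
    """Affiliate side: verify the tag before decrypting; raise ValueError on failure."""
    enc_key, mac_key = _subkeys(AFFILIATE_KEYS[affiliate])
    raw = base64.urlsafe_b64decode(token)
    nonce, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket not sealed for this affiliate, or tampered with")
    body = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    ticket = json.loads(body)
    if ticket["aud"] != affiliate:
        raise ValueError("ticket audience mismatch")
    return ticket


def check_ticket(affiliate: str, token: str, now: int) -> str:
    """Apply the affiliate's registered time limits and return the action to take:
    grant   - both time stamps within the affiliate's limits
    reauth  - too long since the password was typed: send the user to the sign-in page
    refresh - too long since the last refresh: ask the auth server for a new ticket
    reject  - ticket cannot be opened (other affiliate's key, corrupted, malformed)
    """
    try:
        ticket = open_ticket(affiliate, token)
    except (ValueError, KeyError):
        return "reject"
    policy = AFFILIATE_POLICY[affiliate]
    if now - ticket["ts_manual"] > policy["max_since_manual"]:
        return "reauth"  # manual entry also counts as a refresh, so test it first
    if now - ticket["ts_refresh"] > policy["max_since_refresh"]:
        return "refresh"
    return "grant"


def corrupt_token(token: str) -> str:
    """Demonstration helper: flip one ciphertext byte so the integrity check fails."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[20] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    now = int(time.time())
    tok = issue_ticket("books.example", "sess-constructed-1", now - 1000, now - 100)
    print(check_ticket("books.example", tok, now))         # grant
    print(check_ticket("books.example", tok, now + 1000))  # refresh
    print(check_ticket("books.example", tok, now + 5000))  # reauth
    print(check_ticket("music.example", tok, now))         # reject: other affiliate's key
```

The affiliate never sees the password; it sees only whether the two ages fit its own policy, and a ticket sealed for one affiliate opens as garbage under another affiliate's key, which is what the tag check turns into a clean rejection.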
directly between the authentication server and the affiliate server. Although the authentication server and the affiliate server communicate directly, the user's authentication information (e.g., password) is not exposed to the affiliate server.

After a user has logged into the authentication server, it is not necessary to re-enter the login ID, password, or other user information when accessing other affiliated web servers. The subsequent affiliate web servers accessed will determine from the authentication server that the user is already authenticated.

FIGS. 5 and 6 illustrate the interaction between the client computer system, a particular affiliate server and the authentication server in a different situation. The example illustrated with respect to FIGS. 5 and 6 describes the situation in which the client computer system 100 has already been authenticated by the authentication server 110 (e.g., when logging into a different affiliate server), but the client computer system is not yet logged into the affiliate server 104. In this example, the user of the client computer system

However, this configuration presents a situation in which affiliate servers could exchange information collected about the user with other affiliate servers, relying on the common login ID. To avoid this situation, a second embodiment of the invention uses a different login ID for each of the affiliate servers. This use of different login IDs is transparent to the user, who only knows of the login ID used to log into the authentication server. The authentication server maintains a list or cross-reference table that correlates the user's login ID on the different affiliate servers. In this embodiment, the affiliate servers do not know the login ID used on other affiliate servers for the same user and, therefore, cannot exchange information about the user with other affiliate servers.

A particular embodiment of the invention has been described and illustrated herein with reference to multiple web servers and an authentication server coupled to a common data communication network. However, the teachings of the present invention can be applied to any type of
100 accesses a web page on the affiliate server 104 (step w eb server or other computing device that accesses a 
230). The affiliate server determines that the user is not centralized authentication system to authenticate a user and 
authenticated (with respect to the affiliate server) and redi- retrieve associated user profile information. Furthermore, 
rects the user's browser to the authentication server (step the present invention can be utilized without requiring a data 
232). Next, the authentication server retrieves the affiliate communication network. Instead, one or more temporary or 
information entered during registration of the affiliate to 25 permanent data communication links are established 
determine whether the most recent authentication of the user between an authentication server and an affiliate server for 
is within the affiliate's timeout period (step 234). If the most exchanging data. 

recent authentication is not within the timeout period (i.e., Thus, a system has been described that allows a web 

not acceptable), then the authentication server retrieves and server to authenticate a user seeking access to the web 

authenticates the user's login ID and password (step 238) 3Q server. The authentication is performed by an authentication 

using, for example, the procedures discussed above with server without exposing the user's authentication informa- 

respect to FIG. 4. tion (e.g., password) to the web server. The web server 

If the most recent authentication is acceptable, then the receives an authentication, ticket from the authentication 
authentication server copies the appropriate cookies to the server indicating whether the authentication was successful 
client computer system and redirects the user's browser back 35 and further indicating the time since the last user authenti- 
to the affiliate server (step 240). Additionally, the authenti- cation. The authentication server may also provide user 
cation server generates an authentication ticket, which is profile information to the web server if the user is authen- 
coramunicated to the aflSliate server. As discussed above, the ticated. Thus, the authentication server provides a central- 
authentication ticket indicates to the affiliate server that the ized device for authenticating users without exposing the 
user is authenticated. Furthermore, the authentication ticket 40 user's confidential login information to an affiliate server, 
includes two timestamps indicating the elapsed time since This single user profile may be provided to multiple affiliate 
the last user authentication. servers without requiring repeated entry of information by 

The authentication server also copies certain elements of the ( ie » enterin g information at each new web site 

the user's profile information to the affiliate server (step visited). Once the user has been authenticated by the authen - 

242). The affiliate server then generates a personalized web 45 tication ^ tbe user can visit multi P le web sites that are 

page and communicates the web page to the user's browser affiliated with the authentication server without re-entenng 

(step 244). The affiliate server also copies a cookie tp the the authentication information for each web site, 

client computer system containing information indicating Although the invention has been described in language 

that the user of the client computer system has been authen- specific to structural features and/or methodological steps, it 

ticated and indicating the period of time during which the 50 is t0 be understood that the invention defined in the 

authentication is valid. Each time the user enters a new web appended claims is not necessarily limited to the specific 

page request on the same affiliate server, the data in the features or steps described. Rather, the specific features and 

cookie is copied to the affiliate server along with the page steps are disclosed as preferred forms of implementing the 

request. Thus, the affiliate server will not repeatedly check claimed invention, 

the authentication of a user during each subsequent page 55 What is claimed is: 

request. 1. A method of accessing a web server coupled to the 

In an embodiment of the invention, a particular affiliate Internet, the method comprising: 

server may utilize only a portion of the services available receiving a request from a web server to authenticate a 

from the authentication server. For example, the affiliate user of an Internet browser seeking access to the web 

server may perform its own authentication of the user, but 60 server; 

requests the user profile information from the authentication determining whether the user was already authenticated 

server. In another example, the affiliate server may rely on by an authentication server; 

the authentication server to authenticate the user, but the if the user was already authenticated by the authentication 

affiliate server ignores the user profile information and, server, generating an authentication ticket and commu- 

instead, collects information from the user itself 65 nicating the authentication ticket to the web server; 

In one embodiment of the invention, the same login ID is if the user was not already authenticated by the authen - 

used to identify a particular user on all affiliate servers. tication server, then 
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communicating a web from the authentication server to 
an Internet browser operated by the user, wherein the 
web page requests login information to be returned 
to the authentication server from the user; 

receiving the completed web page at the authentication 
server from the user; 

authenticating the user by comparing the information 
received in the completed web page with authenti- 
cation information maintained by the authentication 
server; and 

if the information received in the completed web page 
matches the authentication information, generating 
an authentication ticket at the authentication server 
and communicating the authentication ticket from 
the authentication server to the web server. 
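The ticket flow of FIGS. 5 and 6 and of claim 1, modelled as an added example that is not part of the patent: an authentication server with per-affiliate timeout periods, per-affiliate login IDs drawn from a cross-reference table (the second embodiment), and a ticket that carries the two time stamps but never the password. It assumes several things the patent does not specify: tickets are HMAC-signed with a key shared with the affiliate, passwords are stored as salted PBKDF2 hashes, the first time stamp is updated on every silent re-authentication and the second only when the password is actually typed, and the client's state is a server-issued session cookie value.

```python
import hashlib, hmac, json, secrets


class AuthenticationServer:
    def __init__(self, ticket_key: bytes):
        self.key = ticket_key  # assumption: tickets are HMAC-signed with a key shared with affiliates
        self.users, self.affiliates, self.sessions = {}, {}, {}

    def register_user(self, login_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[login_id] = {"salt": salt, "hash": self._hash(password, salt),
                                "last_refresh": None, "last_physical": None, "xref": {}}

    def register_affiliate(self, affiliate_id: str, timeout: float) -> None:
        self.affiliates[affiliate_id] = timeout  # affiliate's timeout period, checked in step 234

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    @staticmethod
    def _affiliate_login_id(rec: dict, affiliate_id: str) -> str:
        # Second embodiment: a distinct login ID per affiliate, kept in a cross-reference
        # table, so affiliates cannot correlate the same user across sites.
        return rec["xref"].setdefault(affiliate_id, secrets.token_hex(8))

    def _ticket(self, login_id: str, affiliate_id: str) -> bytes:
        rec = self.users[login_id]
        body = {"affiliate": affiliate_id, "user": self._affiliate_login_id(rec, affiliate_id),
                "authenticated": True, "last_refresh": rec["last_refresh"],  # first time stamp
                "last_physical": rec["last_physical"]}  # second time stamp; no password (claim 3)
        raw = json.dumps(body, sort_keys=True).encode()
        return raw + b"." + hmac.new(self.key, raw, "sha256").hexdigest().encode()

    def authenticate(self, affiliate_id: str, now: float, session=None, login=None):
        """Handle an affiliate's request; returns (ticket, session cookie), ticket None if login is needed."""
        timeout = self.affiliates[affiliate_id]
        login_id = self.sessions.get(session)
        rec = self.users.get(login_id)
        if rec and rec["last_refresh"] is not None and now - rec["last_refresh"] <= timeout:
            rec["last_refresh"] = now  # step 240: last authentication acceptable, refresh silently
            return self._ticket(login_id, affiliate_id), session
        if login is None:
            return None, None  # step 238: user must enter login ID and password
        login_id, password = login
        rec = self.users.get(login_id)
        if rec is None or not hmac.compare_digest(self._hash(password, rec["salt"]), rec["hash"]):
            return None, None  # login information does not match; no ticket is issued
        rec["last_refresh"] = rec["last_physical"] = now  # password physically entered
        session = secrets.token_hex(16)  # cookie copied to the client computer system
        self.sessions[session] = login_id
        return self._ticket(login_id, affiliate_id), session


def verify_ticket(ticket: bytes, key: bytes, affiliate_id: str):
    """Affiliate-side check: reject forged tickets and tickets issued for another affiliate."""
    raw, _, tag = ticket.rpartition(b".")
    if not hmac.compare_digest(hmac.new(key, raw, "sha256").hexdigest().encode(), tag):
        return None
    body = json.loads(raw)
    return body if body.get("affiliate") == affiliate_id and body.get("authenticated") else None
```

An affiliate with a short timeout forces a fresh password entry while one with a long timeout still accepts the silent refresh, and the two affiliates receive different login IDs for the same user.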

2. A method as recited in claim 1 wherein the authentication ticket includes an indication that the user is authenticated.

3. A method as recited in claim 1 wherein the authentication ticket does not contain any reference to the user's login information.

4. A method as recited in claim 1 wherein the authentication ticket does not contain any reference to the information received in the completed web page.

5. A method as recited in claim 1 wherein the authentication ticket includes a first time stamp indicating the last time the user's login information was refreshed.

6. A method as recited in claim 1 wherein the authentication ticket includes a second time stamp indicating the last time the user physically entered their login information.

7. A method as recited in claim 1 wherein the authentication ticket includes:
a first time stamp indicating the last time the user's login information was refreshed; and
includes a second time stamp indicating the last time the user physically entered their login information.

8. The method of claim 1, wherein the login information is used to authenticate the user with respect to the authentication server but is not used to directly authenticate the user with respect to the web server.

9. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 1.

10. A method of authenticating a user, the method comprising:
receiving, at an authentication server, a request to authenticate a user, wherein the request is generated by a network server to which the user is seeking access;
determining whether the user was already authenticated by the authentication server;
if the user was already authenticated by the authentication server, generating an authentication ticket and communicating the authentication ticket to the network server, wherein the authentication ticket includes an indication that the user is authenticated; and
if the user was not already authenticated by the authentication server, then
    retrieving login information by the authentication server from the user,
    authenticating the user at the authentication server by comparing the retrieved login information with authentication information maintained by the authentication server, and
    if the retrieved login information matches the authentication information, generating an authentication ticket at the authentication server and communicating the authentication ticket from the authentication server to the network server, wherein the authentication ticket includes an indication that the user is authenticated.

11. A method as recited in claim 10 wherein the authentication ticket further includes:
a first time stamp indicating the last time the user's login information was refreshed; and
a second time stamp indicating the last time the user physically entered their login information.

12. A method as recited in claim 10 wherein the network server is a web server coupled to the Internet.

13. A method as recited in claim 10 wherein the method is performed by the authentication server, which is coupled to the Internet.

14. A method as recited in claim 10 wherein the retrieved login information includes a login ID and a password associated with the login ID.

15. A method as recited in claim 10 further comprising concealing the retrieved login information from the network server.

16. A method as recited in claim 10 further comprising concealing the authentication information maintained by the authentication server from the network server.

17. A method as recited in claim 10 wherein the user previously registered with the authentication server.

18. A method as recited in claim 10 wherein the network server previously registered with the authentication server.

19. The method of claim 10, wherein the login information is used to authenticate the user with respect to the authentication server but is not used to directly authenticate the user with respect to the network server.

20. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 10.

21. One or more computer-readable media having stored thereon a computer program comprising the following steps:
receiving a request to authenticate a user seeking access to a network server;
determining whether the user was already authenticated by an authentication server;
if the user was already authenticated by the authentication server, generating an authentication ticket and communicating the authentication ticket to the network server; and
if the user was not already authenticated by the authentication server, then
    retrieving login information by the authentication server from the user,
    authenticating the user at the authentication server by comparing the retrieved login information with authentication information maintained by the authentication server,
    if the retrieved login information matches the authentication information, generating an authentication ticket at the authentication server and communicating the authentication ticket from the authentication server to the network server.

22. One or more computer-readable media as recited in claim 21 wherein the authentication ticket includes an indication of whether the user is authenticated.

23. One or more computer-readable media as recited in claim 21 wherein the authentication ticket does not contain any reference to the retrieved login information.

24. One or more computer-readable media as recited in claim 21 wherein the authentication ticket does not contain any reference to the user's login information.

25. One or more computer-readable media as recited in claim 21 wherein the authentication ticket includes a first time stamp indicating the last time the user's login information was refreshed.

26. One or more computer-readable media as recited in claim 21 wherein the authentication ticket includes a second time stamp indicating the last time the user physically entered their login information.

27. The computer program of claim 21, wherein the login information is used to authenticate the user with respect to the authentication server but is not used to directly authenticate the user with respect to the network server.

28. A method of granting access to a network server, the method comprising:
receiving a request by a user to gain access to the network server;
generating a request to authenticate the user, from the authentication server the request includes the user's login information;
communicating the request to an authentication server;
receiving an authentication ticket at the network server from the authentication server indicating whether the user is authenticated;
granting access to the user at the network server if the authentication ticket indicates that the user is authenticated at the authentication server; and
denying access to the user if the authentication ticket indicates that the user is not authenticated.

29. A method as recited in claim 28 wherein the authentication ticket further includes a first time stamp indicating the last time the user's login information was refreshed.

30. A method as recited in claim 28 wherein the authentication ticket further includes a second time stamp indicating the last time the user physically entered their login information.

31. The method of claim 28, wherein the login information is used to authenticate the user with respect to the authentication server but is not used to directly authenticate the user with respect to the network server.

32. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 28.

33. One or more computer-readable media having stored thereon a computer program comprising the following steps:
receiving a request by a user to gain access to a network server;
generating a request to authenticate the user from an authentication server to be returned to the authentication server;
communicating the request, includes the user's login information to the authentication server;
receiving an authentication ticket at the network server from the authentication server indicating whether the user is authenticated;
granting access to the user, at the network server if the authentication ticket indicates that the user is authenticated; and
denying access to the user, at the network server if the authentication ticket indicates that the user is not authenticated.

34. One or more computer-readable media as recited in claim 33 wherein the authentication ticket includes a first time stamp indicating the last time the user's login information was refreshed.

35. One or more computer-readable media as recited in claim 33 wherein the authentication ticket includes a second time stamp indicating the last time the user physically entered their login information.

36. The computer program of claim 33, wherein the login information is used to authenticate the user with respect to the authentication server but is not used to directly authenticate the user with respect to the network server.